package cn.htsyb.synergy.security.web.configuration;

import cn.htsyb.synergy.security.web.captcha.filter.CaptchaValidatorFilter;
import jakarta.annotation.Resource;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.Ordered;
import org.springframework.core.annotation.Order;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
import org.springframework.security.config.BeanIds;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.SecurityFilterChain;


/**
 * @author lakeside hubin_yuan.410@hotmail.com
 * @version V1.0.0
 * @date 2022/5/22
 * @since 1.0
 */
@Configuration
@EnableWebSecurity
public class WebSecurityConfiguration {
    /**
     * 注入用户权限服务
     */
    @Resource

    private UserDetailsService userDetailsService;
    @Resource
    private PasswordEncoder passwordEncoder;
    /**
     * 注入验证码过滤器
     */
    @Resource
    private CaptchaValidatorFilter captchaValidatorFilter;


    @Bean
    @Order(Ordered.HIGHEST_PRECEDENCE)//(2)
    public SecurityFilterChain servletSecurityFilterChain(HttpSecurity http) throws Exception {
//        http.authorizeHttpRequests((authorize) -> authorize
//                    .antMatchers( "/oauth2/**", "/login/**" ,"/assets/**").permitAll()
//                    .antMatchers("/**/api/**").authenticated()
//                    .anyRequest().authenticated()
//            )
//            .httpBasic().disable()
//            .formLogin(withDefaults())
////            .oauth2Login(withDefaults())
//        ;
        http.authorizeHttpRequests((authorize) -> authorize.anyRequest().permitAll())
                .formLogin().disable();
        http.csrf().disable()
            .cors().disable();
        return http.build();
    }


    /**
     * 暴露AuthenticationManager 支持oauth 的 granType=password 模式(oauth2.1已不支持)
     *
     * @return
     * @throws Exception
     */
    @Bean(name = BeanIds.AUTHENTICATION_MANAGER)
    public AuthenticationManager authenticationManagerBean(HttpSecurity http) throws Exception {
        AuthenticationManagerBuilder managerBuilder= http.getSharedObject(AuthenticationManagerBuilder.class);
        managerBuilder.authenticationProvider(customAuthenticationProvider());
        AuthenticationManager manager= managerBuilder.build();
        http.authenticationManager(manager);
        return manager;
    }
    protected AuthenticationProvider customAuthenticationProvider(){
        DaoAuthenticationProvider provider = new DaoAuthenticationProvider();
        provider.setUserDetailsService(userDetailsService);
        provider.setPasswordEncoder(passwordEncoder);
        //设置不隐藏[用户未找到]相关异常
        provider.setHideUserNotFoundExceptions(false);
        return provider;
    }


}
